kaudata

Omnicast

Author: kaudata · GitHub · v1.0.14 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 270
Favorites: 1
Current installs: 0
Versions: 15
Install in OpenClaw
/install omnicast
Description
A local multi-modal podcast pipeline. Ingests media, drafts scripts, synthesizes audio, renders cover art, and uploads to YouTube.
Security usage recommendations
What to check before running/installing:
  1. Missing/undocumented credentials: SKILL.md and package.json mention GEMINI_API_KEY and OPENAI_API_KEY, but config/secrets.js references ELEVENLABS_API_KEY and the app includes googleapis and a Google Sign-In client, which strongly suggests you also need Google OAuth (client ID/secret or OAuth tokens) and possibly ElevenLabs keys. Confirm exactly which environment variables (and how credentials/tokens are stored) before supplying secrets.
  2. Inspect omitted files: The evaluation truncated several files (youtube.js, linkedin.js, utils/geminiClient.js, and others). Open those files and verify how tokens/refresh tokens are handled, whether credentials are sent to third-party endpoints, and whether any credentials are persisted to disk or uploaded externally.
  3. Prompt usage: The app sends explicit system-style prompts to AI SDKs. This is expected for composing/formatting outputs, but review those prompt strings for any unwanted data leakage instructions or hidden directives.
  4. Network & SSRF protections: The ingest route includes DNS-based SSRF protection that blocks many private ranges, which is good, but DNS checks and regex-based private IP detection can be incomplete. If you plan to ingest untrusted URLs, consider running the service in a restricted network environment or sandbox.
  5. Run in isolation first: Because the code will download external media (YouTube, arbitrary HTTP URLs) and call cloud LLM/TTS APIs, run it locally in an isolated machine or container until you confirm behavior. Ensure FFmpeg is installed independently and verify file write locations (the downloads folder is created under the project directory).
  6. Least privilege for credentials: Create service-specific API keys and limit their scope where possible (e.g., dedicated Google OAuth client with limited scopes, ephemeral tokens if feasible). Never paste high-privilege keys into apps until you understand how they are used and stored.
  7. If you need higher confidence: Provide the full content of the omitted files (routes/youtube.js, routes/linkedin.js, utils/geminiClient.js, and any remaining truncated files) so they can be audited for unexpected network calls, credential exfiltration, or writes to unexpected paths. Until then, treat undocumented env vars and the prompt-injection flag as red flags.
Functional analysis
Type: OpenClaw Skill
Name: omnicast
Version: 1.0.14
OmniCast Studio is a legitimate multi-modal media processing application for generating podcast scripts, audio, and social media assets. The codebase demonstrates strong security awareness, including DNS-resolving SSRF protection in `routes/ingest.js`, path traversal validation in `routes/utilities.js`, and strict localhost binding in `index.js`. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the application's behavior is entirely consistent with its stated purpose.
Capability assessment
Purpose & Capability
The code implements a local multi-modal podcast pipeline (ingest, draft, TTS, image render, YouTube upload), which is coherent with the skill description. However, the registry metadata claims no required env vars, while SKILL.md and package.json explicitly require GEMINI_API_KEY and OPENAI_API_KEY. Additionally, config/secrets.js references ELEVENLABS_API_KEY and package.json includes googleapis, implying Google OAuth / YouTube credentials, but these are not documented in SKILL.md or the registry metadata. These omissions are inconsistent and require clarification.
Instruction Scope
SKILL.md instructs running a local Node app and setting GEMINI_API_KEY/OPENAI_API_KEY and FFmpeg; the code binds to 127.0.0.1 and exposes local endpoints as described. Most runtime instructions and endpoints in the code stay within the stated purpose. Caveats: SKILL.md (and the code) use explicit system-style prompts when calling the Gemini/OpenAI SDKs (a pattern flagged by the prompt-injection scanner), and some environment variables (ElevenLabs, likely Google OAuth/credentials) are referenced in code but not in the human-facing setup doc. Also, verify routes not shown (youtube/linkedin and other omitted files) for any unexpected external data sinks or credential handling.
Install Mechanism
There is no special installer; this is an instruction/code bundle intended to be run with npm install/node. The repository uses common npm packages from the registry (googleapis, openai, axios, ffmpeg wrapper, etc.). No downloads from ad-hoc URLs or archive extraction steps are present in the manifest. Installing dependencies via npm is the expected approach for this type of project.
Credentials
SKILL.md and package.json declare GEMINI_API_KEY and OPENAI_API_KEY which are appropriate for text generation and transcription/synthesis. However: config/secrets.js references ELEVENLABS_API_KEY (not listed in SKILL.md), and googleapis in dependencies plus client-side Google Sign-In imply Google/YouTube credentials are needed but are not documented. The mismatch between declared/required env vars in metadata vs. code is disproportionate and should be resolved before use.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. The server binds to localhost only (index.js explicitly listens on 127.0.0.1), which reduces remote exposure. Autonomous invocation by the agent is enabled by default (disable-model-invocation=false), but that is normal for the platform and is not by itself a reason to distrust the skill.
How to use
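  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install omnicast
  3. Once installation completes, invoke the Skill by name or trigger it with /omnicast
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history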
v1.0.14
- Documentation wording and formatting updated in README.md (no functional or feature changes).
- Clarified descriptions and purposes of all existing API endpoints.
- Setup and system requirements remain unchanged.
v1.0.13
- Expanded and clarified documentation in SKILL.md for API endpoints, setup, and requirements.
- Updated environment variable and system requirements information.
- Improved descriptions of API endpoints and their purposes.
- Added details about where and how the service runs (localhost only).
- Enhanced onboarding information for easier initial setup.
v1.0.12
omnicast 1.0.12
- No code or documentation changes detected in this release.
- All functionality, requirements, and API endpoints remain unchanged.
v1.0.11
- Internal improvements to draft and LinkedIn routes.
- No user-facing changes.
v1.0.10
- Minor internal updates to codebase.
- No user-facing changes or updates to the API.
v1.0.9
- Added Gemini API client utility (`utils/geminiClient.js`) for new functionality.
- Updated route handlers to support integration with Gemini, including relevant changes in `/draft`, `/images`, `/ingest`, and `/linkedin` routes.
- No changes required for environment variables or API endpoints.
- Internal improvements to extend multi-modal capabilities with Gemini support.
v1.0.8
- Internal updates to core files: index.js, package.json, and routes/ingest.js.
- No user-facing API or documentation changes in this version.
- Maintains the existing multi-modal podcast workflow with no new features or breaking changes.
v1.0.7
- Added a "Session Management Note" for consistent workspace flows and avoiding file overwrites.
- API documentation improved: streamlined descriptions and standardized curl command examples.
- New optional environment variable: ELEVENLABS_API_KEY.
- Added endpoint: `/api/session-data` for fetching session workspace state.
- Requirements and setup instructions clarified in the skill header.
v1.0.6
- Added YouTube upload support with a new `/api/upload-youtube` endpoint for publishing videos as private drafts.
- Improved script drafting for tighter grounding to source material.
- Extended language support for LinkedIn package generation (`targetCaptionLanguages` now includes Spanish example).
- Added new modules: YouTube route, secrets configuration, and a file processor utility.
- Updated documentation to reflect new endpoints and enhanced pipeline steps.
v1.0.5
- Updated internal logic in routes/synthesize.js.
- No user-facing API or documentation changes.
v1.0.4
- Internal code changes in ingest, synthesize, and media helper routes.
- No user-facing API updates or documentation changes.
v1.0.3
- Internal updates to routes/ingest.js and routes/synthesize.js.
- No user-facing API or documentation changes.
v1.0.2
- Updated documentation for clarity and conciseness in SKILL.md.
- Streamlined step descriptions with clearer endpoint references.
- Moved user-facing instructions and wait guidance from the steps.
- Added required binaries and environment variables metadata section.
- Combined file download and deletion endpoints into a single section.
v1.0.1
Omnicast 1.0.1 Changelog
- Added a README.md for improved documentation.
- Updated SKILL.md with clearer API instructions, simplified engine/parameter requirements, and cleaner endpoint formatting.
- Standardized API calls and removed some custom header requirements.
- Added support for specifying multiple LinkedIn caption languages in the LinkedIn package generation step.
- Made minor code and documentation corrections across state management, routing, and public JS files.
v1.0.0
OmniCast Studio 1.0.0 initial release:
- Added multi-step, end-to-end podcast pipeline: media ingestion, script drafting, audio synthesis, cover art creation, promotional video compilation, delivery, and optional cleanup.
- Clearly documented API endpoints, sequential actions, and usage instructions.
- Supports LinkedIn package generation and single-click archive download.
- Default settings optimize for OpenAI audio; custom voice clones require user request.
- Integrated Gemini for script and cover art prompt creation.
Metadata
Slug omnicast
Version 1.0.14
License MIT-0
Total installs 0
Current installs 0
Historical versions 15
FAQ

What is Omnicast?

A local multi-modal podcast pipeline. Ingests media, drafts scripts, synthesizes audio, renders cover art, and uploads to YouTube. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 270 total downloads to date.

How do I install Omnicast?

Run the command "/install omnicast" in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration required.

Is Omnicast free?

Yes, Omnicast is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Omnicast support?

Omnicast is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Omnicast?

Developed and maintained by kaudata (@kaudata); the current version is v1.0.14.
